| Commit message | Author | Age | Files | Lines |
| |
Thursday, 12 May 2022. Over 120 individual programs plus dozens of
programmer libraries and feature plugins are released simultaneously as
part of KDE Gear.
Today they all get new bugfix source releases with updated translations,
including:
* dolphin: The terminal panel will keep in sync with quick folder
changes now
* kate: Fix crash on session restore
* kalendar: Fix ’next week’ button in the week’s view
The full changelog can be found at
https://kde.org/announcements/changelogs/gear/22.04.1/
| |
Approved by: portmgr (blanket)
| |
Approved by: portmgr (blanket)
| |
Changes: https://metacpan.org/dist/Crypt-OpenSSL-X509/changes
| |
Changes: https://github.com/duo-labs/py_webauthn/releases
| |
PR: 263586
Reported by: amdmi3
| |
- Update pkg-descr
- Update WWW
Changes: https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst
| |
- Add NO_ARCH
Changes: https://github.com/hynek/argon2-cffi/releases
| |
Changes: https://github.com/Yubico/libfido2/blob/main/NEWS
https://developers.yubico.com/libfido2/Release_Notes.html
| |
argon2-cffi-bindings provides low-level CFFI bindings to the Argon2 password
hashing algorithm including a vendored version of them.
WWW: https://github.com/hynek/argon2-cffi-bindings
| |
Check for orphaned network interface at the time of start, and if such
an interface exists then destroy it before starting tailscaled. When
tailscaled terminates unexpectedly it fails to clean up, leaving the
orphaned interface behind. This results in it failing to start until
the interface is cleaned up, making it unsuitable for being monitored
by a service monitoring software (e.g. monit)
Reported by: ler
| |
Haiti is a CLI tool (and library) to identify hash types (hash type
identifier).
Features:
- 442+ hash types detected
- Modern algorithms supported (SHA3, Keccak, Blake2, etc.)
- Hashcat and John the Ripper references
- CLI tool and library
- Hackable
WWW: https://noraj.github.io/haiti/
Reviewed by: danfe, ruby (sunpoet)
Approved by: gerald (mentor)
Differential Revision: https://reviews.freebsd.org/D35032
| |
PR: 263653
Reported by: marco+freebsd@crowdsec.net (maintainer)
MFH: 2022Q2 (bugfix release)
| |
ChangeLog: https://github.com/Nitrokey/libnitrokey/releases/tag/v3.7
* Nitrokey Pro v0.14 support;
* Udev rules update;
* Stability fixes.
PR: 263701
Reported by: monwarez@mailoo.org (maintainer)
| |
Changes: https://github.com/mozilla/sops/releases/tag/v3.7.3
| |
* Fixed configuration file revision incrementing even when password is
changed from the client.
* Sanitize Method in HttpSendNotImplemented.
* Added support for V_ASN1_GENERALIZEDTIME notation for certificate
expiration dates.
Changes: https://www.softether.org/5-download/history
| |
Obtained from: https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
| |
Approved by: portmgr (blanket)
| |
This version is deprecated and unsupported upstream. The port needs an
update, which would require a fair amount of effort. Use OpenVPN or
Wireguard with configuration files provided by ProtonVPN instead.
Reviewed by: diizzy, tcberner
Approved by: gerald (mentor)
| |
- Switch to GO_MODULE method
ChangeLog: https://github.com/gopasspw/gopass/blob/master/CHANGELOG.md
PR: 263876
| |
Changes: https://github.com/strongswan/strongswan/releases/tag/5.9.6
PR: 263748
Approved by: Francois ten Krooden (maintainer)
| |
PR: 263764
Reported by: VVD <vvd@unislabs.com>
| |
ChangeLog: https://app-updates.agilebits.com/product_history/CLI2
| |
Update to the latest w1.fi commit, proxied through my GH account.
| |
Now supports:
* Google Public CA
* NotBefore and NotAfter fields
re: https://github.com/acmesh-official/acme.sh/releases/tag/3.0.4
https://github.com/acmesh-official/acme.sh/releases/tag/3.0.3
| |
Reported by: fallout
| |
Changes: https://github.com/python-social-auth/social-core/blob/master/CHANGELOG.md
| |
Relnotes:
https://github.com/secure-systems-lab/securesystemslib/releases/tag/v0.23.0
| |
Changes since v5.2.0:
Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
New Feature Additions
Ports
* Updated support for Stunnel to version 5.61
* Add i.MX8 NXP SECO use for secure private ECC keys and expand
cryptodev-linux for use with the RSA/Curve25519 with the Linux CAAM driver
* Allow encrypt then mac with Apache port
* Update Renesas TSIP version to 1.15 on GR-ROSE and certificate signature
data for TSIP / SCE example
* Add IAR MSP430 example, located in IDE/IAR-MSP430 directory
* Add support for FFMPEG with the enable option --enable-ffmpeg, FFMPEG is
used for recording and converting video and audio (https://ffmpeg.org/)
* Update the bind port to version 9.18.0
Post Quantum
* Add Post-quantum KEM benchmark for STM32
* Enable support for using post quantum algorithms with embedded STM32 boards
and port to STM32U585
Compatibility Layer Additions
* Add port to support libspdm
(https://github.com/DMTF/libspdm/blob/main/README.md), compatibility
functions added for the port were:
- ASN1_TIME_compare
- DH_new_by_nid
- OBJ_length, OBJ_get0_data,
- EVP layer ChaCha20-Poly1305, HKDF
- EC_POINT_get_affine_coordinates
- EC_POINT_set_affine_coordinates
* Additional functions added were:
- EC_KEY_print_fp
- EVP_PKEY_paramgen
- EVP_PKEY_sign/verify functionality
- PEM_write_RSAPublicKey
- PEM_write_EC_PUBKEY
- PKCS7_sign
- PKCS7_final
- SMIME_write_PKCS7
- EC_KEY/DH_up_ref
- EVP_DecodeBlock
- EVP_EncodeBlock
- EC_KEY_get_conv_form
- BIO_eof
- Add support for BIO_CTRL_SET and BIO_CTRL_GET
* Add compile time support for the type SSL_R_NULL_SSL_METHOD_PASSED
* Enhanced X509_NAME_print_ex() to support RFC5523 basic escape
* More checks on OPENSSL_VERSION_NUMBER for API prototype differences
* Add extended key usage support to wolfSSL_X509_set_ext
* SSL_VERIFY_FAIL_IF_NO_PEER_CERT now can also connect with compatibility
layer enabled and a TLS 1.3 PSK connection is used
* Improve wolfSSL_BN_rand to handle non byte boundaries and top/bottom
parameters
* Changed X509_V_ERR codes to better match OpenSSL values used
* Improve wolfSSL_i2d_X509_name to allow for a NULL input in order to get the
expected resulting size
* Enhance the smallstack build to reduce stack size farther when built with
compatibility layer enabled
Misc.
* Sniffer asynchronous support addition, handling of DH shared secret and
tested with Intel QuickAssist
* Added in support for OCSP with IPv6
* Enhance SP (single precision) optimizations for use with the ECC P521
* Add new public API wc_CheckCertSigPubKey() for use to easily check the
signature of a certificate given a public key buffer
* Add CSR (Certificate Signing Request) userId support in subject name
* Injection and parsing of custom extensions in X.509 certificates
* Add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC to reduce code size
if using only crypto callback functions with RSA and ECC
* Created new --enable-engine configure flag used to build wolfSSL for use with
wolfEngine
* With TLS 1.3 PSK, when WOLFSSL_PSK_MULTI_ID_PER_CS is defined multiple IDs
for a cipher suite can be handled
* Added private key id/label support with improving the PK (Public Key)
callbacks
* Support for Intel QuickAssist ECC KeyGen acceleration
* Add the function wolfSSL_CTX_SetCertCbCtx to set user context for certificate
call back
* Add the functions wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void userCtx)
and wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX ctx) for setting and getting a user
context
* wolfRand for AMD --enable-amdrand
Fixes
PORT Fixes
* KCAPI memory optimizations and page alignment fixes for ECC, AES mode fixes
and reduction to memory usage
* Add the new kdf.c file to the TI-RTOS build
* Fix wait-until-done in RSA hardware primitive acceleration of ESP-IDF port
* IOTSafe workarounds when reading files with ending 0’s and for ECC
signatures
Math Library Fixes
* Sanity check with SP math that ECC points ordinates are not greater than
modulus length
* Additional sanity checks that _sp_add_d does not error due to overflow
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge
case tests
* TFM fp_div_2_ct rework to avoid potential overflow
Misc.
* Fix for PKCS#7 with Crypto Callbacks
* Fix for larger curve sizes with deterministic ECC sign
* Fixes for building wolfSSL alongside openssl using --enable-opensslcoexist
* Fix for compatibility layer handling of certificates with SHA256 SKID (Subject Key ID)
* Fix for wolfSSL_ASN1_TIME_diff erroring out on a return value of 0 from mktime
* Remove extra padding when AES-CBC encrypted with PemToDer
* Fixes for TLS v1.3 early data with async.
* Fixes for async disables around the DevCopy calls
* Fixes for Windows AES-NI with clang compiler
* Fix for handling the detection of processing a plaintext TLS alert packet
* Fix for potential memory leak in an error case with TLSX supported groups
* Sanity check on input size in DecodeNsCertType
* AES-GCM stack alignment fixes with assembly code written for AVX/AVX2
* Fix for PK callbacks with server side and setting a public key
Improvements/Optimizations
Build Options and Warnings
* Added example user settings template for FIPS v5 ready
* Automake file touch cleanup for use with Yocto devtool
* Allow disabling forced 'make clean' at the end of ./configure by using
--disable-makeclean
* Enable TLS 1.3 early data when specifying --enable-all option
* Disable PK Callbacks with JNI FIPS builds
* Add a FIPS cert 3389 ready option, this is the fips-ready build
* Support (no)inline with Wind River Diab compiler
* ECDH_compute_key allow setting of globalRNG with FIPS 140-3
* Add logic equivalent to configure.ac in settings.h for Poly1305
* Fixes to support building opensslextra with SP math
* CPP protection for extern references to x86_64 asm code
* Updates and enhancements for Espressif ESP-IDF wolfSSL setup_win.bat
* Documentation improvements with auto generation
* Fix reproducible-build for working an updated version of libtool, version
2.4.7
* Fixes for Diab C89 and armclang
* Fix mcapi_test.c to include the settings.h before crypto.h
* Update and handle builds with NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
* Fix for some macro defines with FIPS 140-3 build so that
RSA_PKCS1_PSS_PADDING can be used with RSA sign/verify functions
Math Libraries
* Add RSA/DH check for even modulus
* Enhance TFM math to handle more alloc failure cases gracefully
* SP ASM performance improvements mostly around AArch64
* SP ASM improvements for additional cache attack resistance
* Add RSA check for small difference between p and q
* 6-8% performance increase with ECC operations using SP int by improving the
Montgomery Reduction
Testing and Validation
* All shell scripts in source tree now tested for correctness using shellcheck
and bash -n
* Added build testing under gcc-12 and -std=c++17 and fixed warnings
* TLS 1.3 script test improvement to wait for server to write file
* Unit tests for ECC r/s zeroness handling
* CI server was expanded with a very “quiet” machine that can support multiple
ConstantTime tests ensuring ongoing mitigation against side-channel timing
based attacks. Algorithms being assessed on this machine are: AES-CBC,
AES-GCM, CHACHA20, ECC, POLY1305, RSA, SHA256, SHA512, CURVE25519.
* Added new multi configuration windows builds to CI testing for greater
testing coverage of windows use-cases
Misc.
* Support for ECC import to check validity of key on import even if one of the
coordinates (x or y) is 0
* Modify example app to work with FreeRTOS+IoT
* Ease of access for cert used for verifying a PKCS#7 bundle
* Clean up Visual Studio output and intermediate directories
* With TLS 1.3 fail immediately if a server sends empty certificate message
* Enhance the benchmark application to support multi-threaded testing
* Improvement for wc_EccPublicKeyToDer to not overestimate the buffer size
required
* Fix to check if wc_EccPublicKeyToDer has enough output buffer space
* Fix year 2038 problem in wolfSSL_ASN1_TIME_diff
* Various portability improvements (Time, DTLS epoch size, IV alloc)
* Prefer status_request_v2 over status_request when both are present
* Add separate "struct stat" definition XSTATSTRUCT to make overriding XSTAT
easier for portability
* With SipHash replace gcc specific ASM instruction with generic
* Don't force a ECC CA when a custom CA is passed with -A
* Add peer authentication failsafe for TLS 1.2 and below
* Improve parsing of UID from subject and issuer name with the compatibility
layer by
* Fallback to full TLS handshake if session ticket fails
* Internal refactoring of code to reduce ssl.c file size
| |
PR: 263826
| |
https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
| |
easyrsa running on systems with bsdgrep for grep
fails issuing certs because it attempts \d as shorthand for
[[:digit:]] or [0-9] and triggers a grep failure with diagnostic
grep: trailing backslash (\)
Filed upstream: https://github.com/OpenVPN/easy-rsa/issues/556
PR: 263812
Submitted by: grembo@
| |
fixing quirks
- PORTREVISION cannot be empty
- complete pkg-plist
- remove dead REINPLACE_CMD
Approved by: portmgr@ (blanket, fix broken port)
Related to:
PR: 263818
| |
commits up to 413877f522e bring a number of new developments, especially
hardening the server against TLS state exhaustion and being abused
for reflection/amplification attacks, a full MTU/MSS handling rehaul,
and proper OpenSSL 3.0.x support.
PR: 263818
| |
Also,
- Add one missing license.
- Remove LICENSE_FILE for GPLv2+, as suggested by section 13.20 of the
Porter's handbook.
- Fix pkg-descr lines length.
Approved by: gerald (mentor)
Differential Revision: https://reviews.freebsd.org/D35137
| |
Relnotes: https://github.com/snort3/snort3/releases/tag/3.1.29.0
| |
PR: 262582
Reported by: Eric Camachat <eric@camachat.org> (maintainer)
| |
Security: fceb2b08-cb76-11ec-a06f-d4c9ef517024
MFH: 2022Q2